In this week's Case Leads there's a bunch of new tools that might come in handy in certain situations while handling incidents: PDF analysis, malware analysis, honeypots and Mac forensics. A sequel to the multi-part series on protecting our credentials while handling incidents. When some weird registry keys appear in log2timeline results, you discover an attack vector for manipulating the execution chain. More and more on Prefetch analysis. Challenging forensicators, The Honeynet Project publishes a cool challenge for fun and profit. More on that weird Duqu source code; guess what it is. When a digital lock refuses to unlock for the Feds, guess what they do. Stego techniques come to light again, this time using foreign languages. And finally, raids are not only in games; they happen in real life too, at The Pirate Bay.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

MANDIANT Redline v1.5 has arrived! For those who don't know about it, it's a free utility that accelerates the process of triaging hosts suspected of being compromised or infected, while supporting in-depth live memory analysis.

Didier Stevens updated his PDFiD and pdf-parser tools. The major change is that both now support Python 3 as well, and there are a couple of bug fixes and new features contributed by some of his readers. His tools are good to have in an investigator's and incident responder's arsenal when dealing with malicious PDF files.

Good Reads:

For investigators and incident responders who want to protect their privileged account credentials when interacting with compromised hosts, this is the 4th in a multi-part series on the topic of "Protecting Privileged Domain Accounts".

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.